I was recently doing an audit of AD group memberships and since I find it easier to do this by filtering a spreadsheet, I needed to get all groups and their members out to a CSV. This basic script does the job and captures key properties like the name, DN and SID for the group as well as the name, DN, SID and object class for the member. This information would be enough to re-create a group structure and re-populate members if you needed to.
# Get All AD Group members for all groups
$groups = Get-ADGroup -Filter *
foreach ($group in $groups) {
$members = Get-ADGroupMember -Identity $group
foreach ($member in $members) {
[PSCustomObject]@{
GroupName = $group.Name
GroupDN = $group.DistinguishedName
GroupSID = $group.SID
MemberName = $member.name
MemberDN = $member.DistinguishedName
MemberSID = $member.SID
MemberObjectClass = $member.ObjectClass
} | Export-Csv -Path C:\temp\all_adgroupmembers_20220323_1.csv -NoClobber -NoTypeInformation -Append
}
}
Code also on my github here.
Thanks for reading – Jesse
Jesse's SysAdmin Blog 